The company has been contacted to see if it's aware of the new attack method

On Monday, we learned that a DOM-based cross-site scripting (XSS) vulnerability that affected Yahoo! could be exploited by cybercriminals to take over accounts. The company rushed to issue a fix for the security hole, but experts have found that the patch is not effective.

Security expert Shahin Ramezany, who first identified the issue, and researchers from Offensive Security have determined that, with a small modification to the original attack method, the vulnerability can still be exploited if the attacker can convince the victim to click on a link containing malicious code.

In the statement released by Yahoo!, the company’s representatives were confident that the issue had been fixed.

I’ve contacted Yahoo! to see what they have to say about the new claims. The post will be updated as soon as they respond.

Until the issue is properly addressed, users are advised not to click on any suspicious links.